Goes back to my previous post re airgroups. wpa2-psk devices have their mac addresses regiatered in clearpass guest and if appropriate airgroup_enable = 1 and shared airgroup =personal
Because we have a whole batch of ACLs applied to wifi devices that include blocking client to client connectivity, for airgroups I need to apply another set of ACLS that allow airgroup functuonality to work. This is done by default for clearpass guest registered devices
For 802.1x devices I have 2 choices
1). Register the mac address of the airgroup client device in clearpass guest and apply the same ACLs - this works just fine, but means the user has to register every device they've got.
2). Try to do something automagically.
As we are only providing personal airgroup functionality at the moment, If a user has registered a number of airgroup devices ( chromecast apple tv etc) then we want any 802.1x devices authenticating onto our wpa2-enterprise network with a userid that = the sponsor name of the registered devices to have the same ACL set as the wpa2-psk devices and so I can set the appropriate Aruba-Airgroup-userid attribute.
If I can count the number of devices registered by a SponsorName = Authentication:Username if its not 0 I can apply appropriate set of ACLs to enable the client device to see the registered airgroup devices without registering anything.
I know I can put my Username into the airgroup_shared_user attribute but that doesn't get me the correct ACL set for the 802.1x device hencde the above
Will happily talk to you at Atmposphere about this but at the moment just need to get a count of devies registered by a particular user
Rgds
Alex